Questions about inferred state machines for OpenSSH

Wed Feb 10 15:03:07 AEDT 2016

On Wed, 27 Jan 2016, P. V. wrote:

> Hi Damien,
> 
> Thanks for your reply. I really appreciate you taking the time to
> investigate this.
> 
> I will try to clarify some things.
> 
> > I'm not sure what you mean by "entering a key exchange without receiving
> > a proper kexinit message" because key exchange is initiated by a kexinit
> > message. Do you mean that method specific messages are accepted before
> > KEXINIT? (I can't see how this can happen from looking at the code).
> 
> Attached (log1) you find the OpenSSH debug log for a sequence in which
> I manually send the sequence "SSH_MSG_KEXDH_INIT; SSH_MSG_KEXDH_INIT;
> SSH_MSG_NEWKEYS". A normal key exchange sequence would be
> "SSH_MSG_KEXINIT; SSH_MSG_KEXDH_INIT; SSH_MSG_NEWKEYS". Unless there
> is an error in my code, it seems that OpenSSH does accept this anyway.
> The log states:
> > Jan 27 11:19:31 desktop sshd[4066]: debug1: SSH2_MSG_KEXINIT received [preauth]
> while it didn't receive a KEXINIT but a KEXDH_INIT.
> 
> Same goes for a sequence such as: "SSH_MSG_IGNORE; SSH_MSG_KEXDH_INIT;
> SSH_MSG_NEWKEYS". Instead of receiving a KEXINIT, the server receives
> an IGNORE but continues with the key exchange anyway.
> 
> This only applies to the messages the server receives, it always
> correctly sends an KEXINIT upon connection.

I've added some debugging to ssh and sshd that might prove useful -
they will not include the types they receive in debug output.

> I sent the following message sequence to the server: "SSH_MSG_KEXINIT;
> SSH_MSG_KEXDH_INIT; SSH_MSG_NEWKEYS; SSH_MSG_SERVICE_REQUEST;
> SSH_MSG_NEWKEYS". It behaves normally up until the point that I
> initiate a key re-exchange (last message). The SSH server returns an
> SSH_MSG_UNIMPLEMENTED and closes the connection. Log2 gives the debug
> output.

You're right - I'll take a look at fixing this. It seems that the
userauth code is clobbering the handlers for the KEX messages.

> > It would be helpful to see debug messages from ssh/sshd for this case
> > (well, all cases but this in particular).
> 
> I sent the following sequence to the OpenSSH server.
> 
> SSH_MSG_KEXINIT;
>  (server replies with SSH_MSG_KEXINIT)
> SSH_MSG_KEXDH_INIT;
>  (server replies with SSH_MSG_KEXDH_REPLY)
> SSH_MSG_NEWKEYS;
>  (server does not reply)
> SSH_MSG_SERVICE_REQUEST;
>  (server replies with SSH_MSG_SERVICE_ACCEPT)
> SSH_MSG_USERAUTH_REQUEST
>  (server replies with SSH_MSG_USERAUTH_SUCCESS and SSH_MSG_GLOBAL_REQUEST)
> SSH_MSG_CHANNEL_OPEN
>  (server replies with SSH_MSG_CHANNEL_OPEN_CONFIRMATION)
> 
> -- Now I do a rekey --
> SSH_MSG_KEXINIT;
>  (server replies with SSH_MSG_KEXINIT)
> SSH_MSG_KEXDH_INIT;
>  (server replies with SSH_MSG_KEXDH_REPLY)
> SSH_MSG_NEWKEYS;
>  (server does not reply)
> 
> -- Now I close the channel --
> 
> SSH_MSG_CHANNEL_CLOSE
>   (server replies with SSH_MSG_CHANNEL_CLOSE and sends an SSH_MSG_DISCONNECT)
> 
> The entire debug log can be found in the log4 attachment.

It looks like the channel is being closed twice for some reason:

Jan 27 11:47:32 desktop sshd[4673]: debug1: session_by_channel: session 0
channel 0
Jan 27 11:47:32 desktop sshd[4673]: debug1: session_close_by_channel: channel 0
child 0
Jan 27 11:47:32 desktop sshd[4673]: debug1: session_close: session 0 pid 0
Jan 27 11:47:32 desktop sshd[4673]: debug1: channel 0: free: server-session,
nchannels 1
Jan 27 11:47:32 desktop sshd[4673]: channel_by_id: 0: bad id: channel free
Jan 27 11:47:32 desktop sshd[4673]: Disconnecting: Received oclose for
nonexistent channel 0.

I think the extra debugging in git HEAD might help see what's going on
here. You should see debug messages like:

debug3: receive packet: type 98
debug3: receive packet: type 96
debug3: receive packet: type 97
debug3: send packet: type 97

among the other ones that should make the sequence of operations clearer.

-d

-d